CNNVD-202507-3644 Information
CNNVD ID
CNNVD-202507-3644
Related CVE
- CNNVD Published: 2025-07-29
Description (Chinese)
NanoMQ是美国EMQ开源的一款用于物联网边缘平台的轻量级快速 MQTT Broker。 NanoMQ 0.21.10版本存在安全漏洞,该漏洞源于访问控制不当,攻击者可能利用MQTT通配符绕过安全限制,访问敏感系统主题消息。
Description (English)
NanoMQ is a lightweight fast MQTT Broker for the EEMQ open source in the United States of America. The NanoMQ version 0.21.10 contains a security loophole stemming from inappropriate access controls, and the attackers may use the MQTT designer to circumvent security restrictions and access sensitive system thematic messages.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
EMQ
Published
2025-07-29
Last Modified
2026-02-24
References
https://github.com/songxpu/bug_report/blob/master/MQTT/NanoMQ/CVE-2024-42655.md https://github.com/nanomq/nanomq https://github.com/nanomq/nanomq/issues/1782#issuecomment-2171025812 https://access.redhat.com/security/cve/cve-2024-42655
Patch
https://github.com/nanomq/nanomq/releases
Share on: